Blogs

As cloud adoption continues to skyrocket, how is your organisation handling the change? Do you have visibility across your whole cloud environment? Are you confident that your team is keeping a lid on costs and maintaining rock-solid security? Do your people have secure access to tools they need, wherever they are?

When it comes to cloud, getting the governance side of things right is more important than ever. Over 40% of Australian organisations are increasing their hybrid cloud investment, and the global cloud industry was tipped to hit US$1 billion in 2021¹. Clearly, cloud works. Yet the proven panacea to so many enterprise IT woes is only beneficial when it’s managed right.

Why is cloud governance so important?

In a nutshell, cloud governance helps you control costs, maintain security, keep a lid on cloud sprawl, and manage cloud adoption.

Dig a little deeper, and cloud governance is essential to striking a balance between innovation and control. With the right guardrails in place, you can confidently maintain agility and a competitive edge, and move faster with innovation – all while knowing that you’re mitigating risk and enabling your people access to the right tools. You can also proactively pursue a cloud-smart adoption strategy.

On the flip side, without cloud governance, costs can quickly spiral out of control. If you don’t know who’s using what, it’s virtually impossible to accurately chargeback cloud spend to the right department. Plus, it’s hard to see whether you’re overspending on cloud resources or not. Budgeting and forecasting become overly complicated.

Things can start to go wrong from an operational perspective, too, if your cloud environment lacks structure and standardisation. For example, tags might not be added to resources. Backups may be configured incorrectly, or not at all. Endpoint protection might get overlooked. These little inconsistencies can snowball as you deploy cloud across more of the organisation – leaving your data and your business more exposed to risk.

You know you need it, but what does cloud governance look like?

There are three key elements to cloud governance. You need to:

• Identify and document your tolerance to risk

• Define policies to mitigate your identified risks and meet your compliance obligations

• Establish and implement processes to adopt and monitor these policies

It sounds simple, yet organisations often get these foundational elements wrong. Whether due to a lack of time or resources, or a corner-cutting mentality, risks are often not adequately identified, and processes are not always implemented. Cloud adoption can be siloed across the organisation, without an overarching governance framework. Increasingly, shadow IT also comes into play as employees and teams spin up environments without IT knowing about them.

All these issues can leave you exposed to risk of cyberattack or non-compliance with your industry’s regulations, not to mention budgetary blowouts.

So, where do you start?

When discussing cloud strategy with our customers, we recommend that all businesses moving to cloud implement a Cloud Centre of Excellence. Think of this as a multi-disciplinary team that spans across IT, finance and the broader business, to ensure a holistic approach to cloud adoption. Governance forms a key part of your Centre of Excellence.

We bake governance into our Cloud Adoption Framework, which follows a similar model to those offered by the hyperscalers like Microsoft Azure and AWS. As a core tenet of our Managed Services offering, we see governance as an iterative process – one which continually maps and cross-checks that all relevant controls, policies, and processes are being consistently applied across all your clouds.

In establishing your governance framework, think about your approach to cloud adoption. At Brennan IT, we encourage a cloud-smart approach, rather than cloud-first. A cloud-smart strategy balances cloud adoption against your specific needs, goals, and circumstances.

As a starting point when thinking about governance, ask yourselves:

• Do you understand the shared responsibility model of cloud security?

• Do you have visibility and reporting on your cloud environment?

• Do you know who’s using cloud, and for what? Or would you describe your cloud environment as ‘a little untidy’?

• Do you have a good grasp of your organisation’s total cloud spend?

• Are you confident about the security posture of your cloud deployment?

• Is your strategy cloud-smart, or cloud-first?

Your answers will provide a great starting point. And, if you need help in moving towards best-practice cloud governance, our team of experts can work collaboratively with you to get the job done.